Browse Source

mini-mirror: Add ingress

Currently, services rely on an in-cluster service address in order to
interact with mini-mirror. This change introduces support for cluster
ingress so services or nodes may resolve mini-mirror from outside a
cluster.

Change-Id: I5cc451de3f3e1be7d046bf9ca50b1ad53682d01b
Drew Walters 2 months ago
parent
commit
ad468883c6

+ 2
- 2
mini-mirror/templates/deployment-mini-mirror.yaml View File

@@ -40,8 +40,8 @@ spec:
40 40
         - name: mini-mirror-api
41 41
 {{ tuple $envAll "mini-mirror" | include "helm-toolkit.snippets.image" | indent 10 }}
42 42
           ports:
43
-            - name: http
44
-              containerPort: {{ tuple "api" "port" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
43
+            - name: api
44
+              containerPort: {{ tuple "api" "port" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
45 45
 {{ if .Values.network.api.node_port.enabled }}
46 46
               nodePort: {{ .Values.network.api.node_port.port }}
47 47
 {{ end }}

+ 21
- 0
mini-mirror/templates/ingress-mini-mirror.yaml View File

@@ -0,0 +1,21 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+Copyright 2019, AT&T Intellectual Property
4
+
5
+Licensed under the Apache License, Version 2.0 (the "License");
6
+you may not use this file except in compliance with the License.
7
+You may obtain a copy of the License at
8
+
9
+   http://www.apache.org/licenses/LICENSE-2.0
10
+
11
+Unless required by applicable law or agreed to in writing, software
12
+distributed under the License is distributed on an "AS IS" BASIS,
13
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+See the License for the specific language governing permissions and
15
+limitations under the License.
16
+*/}}
17
+
18
+{{- if and .Values.manifests.ingress .Values.network.api.ingress.public }}
19
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "api" "backendPort" "api" -}}
20
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
21
+{{- end }}

+ 21
- 0
mini-mirror/templates/secret-ingress-tls.yaml View File

@@ -0,0 +1,21 @@
1
+{{/*
2
+Copyright 2017-2018 The Openstack-Helm Authors.
3
+Copyright 2019, AT&T Intellectual Property
4
+
5
+Licensed under the Apache License, Version 2.0 (the "License");
6
+you may not use this file except in compliance with the License.
7
+You may obtain a copy of the License at
8
+
9
+   http://www.apache.org/licenses/LICENSE-2.0
10
+
11
+Unless required by applicable law or agreed to in writing, software
12
+distributed under the License is distributed on an "AS IS" BASIS,
13
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+See the License for the specific language governing permissions and
15
+limitations under the License.
16
+*/}}
17
+
18
+{{- if .Values.manifests.secret_ingress_tls }}
19
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "api" ) }}
20
+{{- end }}
21
+

+ 21
- 0
mini-mirror/templates/service-ingress-mini-mirror.yaml View File

@@ -0,0 +1,21 @@
1
+{{/*
2
+Copyright 2017 The Openstack-Helm Authors.
3
+Copyright 2019, AT&T Intellectual Property
4
+
5
+Licensed under the Apache License, Version 2.0 (the "License");
6
+you may not use this file except in compliance with the License.
7
+You may obtain a copy of the License at
8
+
9
+   http://www.apache.org/licenses/LICENSE-2.0
10
+
11
+Unless required by applicable law or agreed to in writing, software
12
+distributed under the License is distributed on an "AS IS" BASIS,
13
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+See the License for the specific language governing permissions and
15
+limitations under the License.
16
+*/}}
17
+
18
+{{- if and .Values.manifests.service_ingress .Values.network.api.ingress.public }}
19
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "api" -}}
20
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
21
+{{- end }}

+ 3
- 3
mini-mirror/templates/service-mini-mirror.yaml View File

@@ -20,14 +20,14 @@ limitations under the License.
20 20
 apiVersion: v1
21 21
 kind: Service
22 22
 metadata:
23
-  name: {{ tuple "api" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
23
+  name: {{ tuple "api" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
24 24
 spec:
25 25
   ports:
26
-  - name: http
26
+  - name: api
27 27
 {{ if .Values.network.api.node_port.enabled }}
28 28
     nodePort: {{ .Values.network.api.node_port.port }}
29 29
 {{ end }}
30
-    port: {{ .Values.endpoints.api.port.http.public }}
30
+    port: {{ tuple "api" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
31 31
     protocol: TCP
32 32
     targetPort: 80
33 33
   selector:

+ 24
- 1
mini-mirror/values.yaml View File

@@ -110,12 +110,19 @@ endpoints:
110 110
       public: mini-mirror
111 111
     host_fqdn_override:
112 112
       default: null
113
+      # NOTE(drewwalters96): this chart supports TLS for fqdn over-ridden
114
+      # public endpoints using the following format:
115
+      # public:
116
+      #   host: null
117
+      #   tls:
118
+      #     crt: null
119
+      #     key: null
113 120
     path:
114 121
       default: /
115 122
     scheme:
116 123
       default: http
117 124
     port:
118
-      http:
125
+      api:
119 126
         default: 8888
120 127
         public: 80
121 128
 
@@ -125,13 +132,29 @@ network:
125 132
     node_port:
126 133
       enabled: false
127 134
       port: 8888
135
+    ingress:
136
+      public: true
137
+      classes:
138
+        namespace: "nginx"
139
+        cluster: "nginx-cluster"
140
+      annotations:
141
+        nginx.ingress.kubernetes.io/rewrite-target: /
142
+
143
+secrets:
144
+  tls:
145
+    api:
146
+      api:
147
+        public: mini-mirror-tls-public
128 148
 
129 149
 manifests:
130 150
   configmap_bin: true
131 151
   configmap_etc: true
132 152
   deployment_mini_mirror: true
133 153
   helm_test: true
154
+  ingress: true
134 155
   job_image_repo_sync: true
156
+  secret_ingress_tls: true
157
+  service_ingress: true
135 158
   service_mini_mirror: true
136 159
 
137 160
 conf:

Loading…
Cancel
Save